I have an action filter which I am using to track user activity. I'm also saving user agents to the database to see what devices my site is most commonly accessed through. My concern is SQL injection, as if I use my browser to adjust my user agent I can inject SQL. Does anyone have any idea how I could filter or validate these user agent strings?

    ActionLog log = new ActionLog()
    {
        UserName = filterContext.HttpContext.User.Identity.Name,
        Controller = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName,
        Action = filterContext.ActionDescriptor.ActionName,
        IP = filterContext.HttpContext.Request.UserHostAddress,
        DateTime = filterContext.HttpContext.Timestamp,
        UserAgent = filterContext.HttpContext.Request.UserAgent
    };
    db.AddToActionLogs(log);
    db.SaveChanges();
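
Added example, not part of the original post: if `db` is an Entity Framework context (the `AddToActionLogs`/`SaveChanges` calls suggest so, which is an assumption here), property values are sent to the database as SQL parameters rather than spliced into the statement text, so what remains is normalizing the header before it is stored. The sketch shows that normalization and the equivalent hand-written parameterized insert; the `ActionLogs` table name, the column widths, and the `UserAgentLogging` class with its methods are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Linq;

public static class UserAgentLogging
{
    // Assumed width of the UserAgent column; match it to the real schema.
    private const int MaxUserAgentLength = 512;

    // Treat the header as untrusted text: tolerate a missing header, drop control
    // characters (CR/LF would otherwise forge lines in a log viewer or export),
    // and cap the length so an oversized header cannot fail or bloat the insert.
    public static string NormalizeUserAgent(string raw)
    {
        if (string.IsNullOrWhiteSpace(raw)) return "(none)";
        string cleaned = new string(raw.Where(c => !char.IsControl(c)).ToArray()).Trim();
        if (cleaned.Length == 0) return "(none)";
        return cleaned.Length <= MaxUserAgentLength
            ? cleaned
            : cleaned.Substring(0, MaxUserAgentLength);
    }

    // Hand-written equivalent of the insert. The value travels as a typed
    // parameter, so quotes or SQL keywords inside the header are stored as
    // literal characters and never parsed as part of the statement.
    public static void InsertActionLog(SqlConnection conn, string userName, string userAgent)
    {
        const string sql =
            "INSERT INTO ActionLogs (UserName, UserAgent) VALUES (@userName, @userAgent)";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 256).Value =
                (object)userName ?? DBNull.Value;
            cmd.Parameters.Add("@userAgent", SqlDbType.NVarChar, MaxUserAgentLength).Value =
                NormalizeUserAgent(userAgent);
            cmd.ExecuteNonQuery();
        }
    }

    // The pattern to avoid is building the statement by concatenation:
    // string sql = "INSERT INTO ActionLogs (UserAgent) VALUES ('" + userAgent + "')";
}
```

In the action filter, the same helper would wrap the existing assignment, for example `UserAgent = UserAgentLogging.NormalizeUserAgent(filterContext.HttpContext.Request.UserAgent)`.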